Notice Information
Notice Title
Provision of Third Party Assurance Under the Gov Assure Scheme
Notice Description
GovAssure is the new cyber security assurance approach for government that has replaced the cyber security element of the Departmental Security Health Check (DSHC) from April 2023. The GovAssure assurance approach meets the requirements for and objective understanding of government cyber security. Organisations will assess critical systems against one of two target CAF profiles for government, the Baseline or the Enhanced Profile. This will provide organisations and the Security Function with a more effective mechanism to understand the level of cyber resilience across government. GovAssure is designed for OFFICIAL systems and does not currently apply to systems processing data classified as SECRET or above. Higher classification systems will be considered at a later date. GovAssure will apply to government sector Critical National Infrastructure (CNI), bringing them under a common assurance process for cyber. DVLA's Cyber Security team are required to carry out a self-assessment on three of the systems used within DVLA the NCSC Cyber Assurance Framework (CAF). Once the reports have been completed these are required to be uploaded into a Cabinet Office Portal. The DVLA requires a supplier to provide the following service: * Have access to the Cabinet Office Portal. * Carry out an assessment for each of the system reports. * Provide a written report for each system to be uploaded to the portal providing their findings and make recommendations for improvements. * Essential that all supplier staff have engaged in undertaking the work under this contract must be security vetted to at least SC. The supplier will have no access to DVLA systems or personal data, the supplier will follow Cabinet Office direction on assessment and report formats. Only the successful supplier will have access to the DVLA reports within the Cabinet Office Portal. DVLA will provide DVLA-issued laptops with user accounts for undertaking the work under this contract. Remote working will be permitted using the secure remote working solution provided by DVLA, but the successful company will need to arrange to securely collect the devices and to securely return them on completion of the contract. The devices will be provided only to undertake the work under this contract and must not be used to connect to any other network or undertake any other activity without authorisation from DVLA. The supplier must be able to carry out this service and provide the relevant reports by Mid-October. On completion of the reports DVLA are required to sign off/accept the contents of the report by Mid-November. All reports will be assessed by Cabinet Office and an improvement plan will be provided. It is envisaged that Vehicles CASP and Tachos are of high complexity with the Payment Broker being within the mid-tier range. These systems will be assessed using the BASELINE Profile
Notice Details
Publication & Lifecycle
- Open Contracting ID
- ocds-b5fd17-7a4721a5-ccf5-42b9-8262-73da3b15f758
- Publication Source
- Contracts Finder
- Latest Notice
- https://www.contractsfinder.service.gov.uk/Notice/53eb3e83-f5c2-49d8-a39f-e0fd011c6621
- Current Stage
- Award
- All Stages
- Award
Procurement Classification
- Notice Type
- Award Notice
- Procurement Type
- Dynamic
- Procurement Category
- Works
- Procurement Method
- Selective
- Procurement Method Details
- Call-off from a dynamic purchasing system
- Tender Suitability
- SME, VCSE
- Awardee Scale
- Large
Common Procurement Vocabulary (CPV)
- CPV Divisions
72 - IT services: consulting, software development, Internet and support
-
- CPV Codes
72150000 - Computer audit consultancy and hardware consultancy services
Notice Value(s)
- Tender Value
- £25,000 Under £100K
- Lots Value
- Not specified
- Awards Value
- £15,999 Under £100K
- Contracts Value
- Not specified
Notice Dates
- Publication Date
- 21 Oct 20241 years ago
- Submission Deadline
- 12 Sep 2024Expired
- Future Notice Date
- Not specified
- Award Date
- 2 Oct 20241 years ago
- Contract Period
- 20 Nov 2024 - 19 Nov 2025 6-12 months
- Recurrence
- Not specified
Notice Status
- Tender Status
- Complete
- Lots Status
- Not Specified
- Awards Status
- Active
- Contracts Status
- Not Specified
Buyer & Supplier
Contracting Authority (Buyer)
- Main Buyer
- DRIVER & VEHICLE LICENSING AGENCY
- Contact Name
- Available with D3 Tenders Premium →
- Contact Email
- Available with D3 Tenders Premium →
- Contact Phone
- Available with D3 Tenders Premium →
Buyer Location
- Locality
- SWANSEA
- Postcode
- SA6 7JL
- Post Town
- Swansea
- Country
- Wales
-
- Major Region (ITL 1)
- TLL Wales
- Basic Region (ITL 2)
- TLL4 Mid and South West Wales
- Small Region (ITL 3)
- TLL43 Swansea
- Delivery Location
- Not specified
-
- Local Authority
- Swansea
- Electoral Ward
- Mynydd-bach
- Westminster Constituency
- Swansea West
Further Information
Notice Documents
-
https://www.contractsfinder.service.gov.uk/Notice/53eb3e83-f5c2-49d8-a39f-e0fd011c6621
21st October 2024 - Awarded contract notice on Contracts Finder
Open Contracting Data Standard (OCDS)
View full OCDS Record for this contracting process
The Open Contracting Data Standard (OCDS) is a framework designed to increase transparency and access to public procurement data in the public sector. It is widely used by governments and organisations worldwide to report on procurement processes and contracts.
{
"tag": [
"compiled"
],
"id": "ocds-b5fd17-7a4721a5-ccf5-42b9-8262-73da3b15f758-2024-10-21T12:16:47+01:00",
"date": "2024-10-21T12:16:47+01:00",
"ocid": "ocds-b5fd17-7a4721a5-ccf5-42b9-8262-73da3b15f758",
"language": "en",
"initiationType": "tender",
"tender": {
"id": "PS/24/115",
"title": "Provision of Third Party Assurance Under the Gov Assure Scheme",
"description": "GovAssure is the new cyber security assurance approach for government that has replaced the cyber security element of the Departmental Security Health Check (DSHC) from April 2023. The GovAssure assurance approach meets the requirements for and objective understanding of government cyber security. Organisations will assess critical systems against one of two target CAF profiles for government, the Baseline or the Enhanced Profile. This will provide organisations and the Security Function with a more effective mechanism to understand the level of cyber resilience across government. GovAssure is designed for OFFICIAL systems and does not currently apply to systems processing data classified as SECRET or above. Higher classification systems will be considered at a later date. GovAssure will apply to government sector Critical National Infrastructure (CNI), bringing them under a common assurance process for cyber. DVLA's Cyber Security team are required to carry out a self-assessment on three of the systems used within DVLA the NCSC Cyber Assurance Framework (CAF). Once the reports have been completed these are required to be uploaded into a Cabinet Office Portal. The DVLA requires a supplier to provide the following service: * Have access to the Cabinet Office Portal. * Carry out an assessment for each of the system reports. * Provide a written report for each system to be uploaded to the portal providing their findings and make recommendations for improvements. * Essential that all supplier staff have engaged in undertaking the work under this contract must be security vetted to at least SC. The supplier will have no access to DVLA systems or personal data, the supplier will follow Cabinet Office direction on assessment and report formats. Only the successful supplier will have access to the DVLA reports within the Cabinet Office Portal. DVLA will provide DVLA-issued laptops with user accounts for undertaking the work under this contract. Remote working will be permitted using the secure remote working solution provided by DVLA, but the successful company will need to arrange to securely collect the devices and to securely return them on completion of the contract. The devices will be provided only to undertake the work under this contract and must not be used to connect to any other network or undertake any other activity without authorisation from DVLA. The supplier must be able to carry out this service and provide the relevant reports by Mid-October. On completion of the reports DVLA are required to sign off/accept the contents of the report by Mid-November. All reports will be assessed by Cabinet Office and an improvement plan will be provided. It is envisaged that Vehicles CASP and Tachos are of high complexity with the Payment Broker being within the mid-tier range. These systems will be assessed using the BASELINE Profile",
"status": "complete",
"classification": {
"scheme": "CPV",
"id": "72150000",
"description": "Computer audit consultancy and hardware consultancy services"
},
"items": [
{
"id": "1",
"deliveryAddresses": [
{
"postalCode": "SA6 7JL"
}
]
}
],
"value": {
"amount": 25000,
"currency": "GBP"
},
"procurementMethod": "selective",
"procurementMethodDetails": "Call-off from a dynamic purchasing system",
"tenderPeriod": {
"endDate": "2024-09-12T12:00:00+01:00"
},
"contractPeriod": {
"startDate": "2024-11-20T00:00:00Z",
"endDate": "2025-11-19T23:59:59Z"
},
"suitability": {
"sme": true,
"vcse": true
},
"mainProcurementCategory": "works"
},
"parties": [
{
"id": "GB-SRS-sid4gov.cabinetoffice.gov.uk/NsBK36A7",
"name": "DRIVER & VEHICLE LICENSING AGENCY",
"identifier": {
"legalName": "DRIVER & VEHICLE LICENSING AGENCY",
"scheme": "GB-SRS",
"id": "sid4gov.cabinetoffice.gov.uk/NsBK36A7"
},
"address": {
"streetAddress": "Longview Road,Clase",
"locality": "SWANSEA",
"postalCode": "SA67JL",
"countryName": "Wales"
},
"contactPoint": {
"name": "Kristopher Simeone",
"email": "kristopher.simeone@dvla.gov.uk",
"telephone": "01792788426"
},
"roles": [
"buyer"
]
},
{
"id": "GB-CFS-299027",
"name": "Arcanum Information Security Ltd",
"identifier": {
"legalName": "Arcanum Information Security Ltd"
},
"address": {
"streetAddress": "Ty Penywaun, Mountain Road, Bedwas, Caerphilly, CF83 8ER"
},
"details": {
"scale": "large",
"vcse": false
},
"roles": [
"supplier"
]
}
],
"buyer": {
"id": "GB-SRS-sid4gov.cabinetoffice.gov.uk/NsBK36A7",
"name": "DRIVER & VEHICLE LICENSING AGENCY"
},
"awards": [
{
"id": "ocds-b5fd17-7a4721a5-ccf5-42b9-8262-73da3b15f758-1",
"status": "active",
"date": "2024-10-03T00:00:00+01:00",
"datePublished": "2024-10-21T12:16:47+01:00",
"value": {
"amount": 15999,
"currency": "GBP"
},
"suppliers": [
{
"id": "GB-CFS-299027",
"name": "Arcanum Information Security Ltd"
}
],
"contractPeriod": {
"startDate": "2024-11-20T00:00:00Z",
"endDate": "2025-11-19T23:59:59Z"
},
"documents": [
{
"id": "1",
"documentType": "awardNotice",
"description": "Awarded contract notice on Contracts Finder",
"url": "https://www.contractsfinder.service.gov.uk/Notice/53eb3e83-f5c2-49d8-a39f-e0fd011c6621",
"datePublished": "2024-10-21T12:16:47+01:00",
"format": "text/html",
"language": "en"
},
{
"id": "2",
"documentType": "awardNotice",
"url": "https://www.contractsfinder.service.gov.uk/Notice/Attachment/f69891bf-66e3-47a2-9019-b208f266d021",
"format": "application/pdf"
},
{
"id": "3",
"documentType": "contractSigned",
"url": "https://www.contractsfinder.service.gov.uk/Notice/Attachment/cfe30f08-77ce-402e-a196-6b6610bd534f",
"format": "application/pdf"
}
]
}
]
}